fix format.
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
parent
82181a672a
commit
3270937c3a
|
@ -1,15 +1,15 @@
|
||||||
# The X-Frame-Options header indicates whether a browser should be allowed
|
# The X-Frame-Options header indicates whether a browser should be allowed
|
||||||
# to render a page within a frame or iframe.
|
# to render a page within a frame or iframe.
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
# MIME type sniffing security protection
|
# MIME type sniffing security protection
|
||||||
# There are very few edge cases where you wouldn't want this enabled.
|
# There are very few edge cases where you wouldn't want this enabled.
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
# The X-XSS-Protection header is used by Internet Explorer version 8+
|
# The X-XSS-Protection header is used by Internet Explorer version 8+
|
||||||
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
|
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
|
||||||
# with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
|
# with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
|
||||||
# you can tell the browser that it can only download content from the domains you explicitly allow
|
# you can tell the browser that it can only download content from the domains you explicitly allow
|
||||||
# CSP can be quite difficult to configure, and cause real issues if you get it wrong
|
# CSP can be quite difficult to configure, and cause real issues if you get it wrong
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Nginx's spdy module is compiled by default from 1.6
|
# Nginx's spdy module is compiled by default from 1.6
|
||||||
# SPDY only works on HTTPS connections
|
# SPDY only works on HTTPS connections
|
||||||
|
|
||||||
# Inform browser of SPDY availability
|
# Inform browser of SPDY availability
|
||||||
add_header Alternate-Protocol 443:npn-spdy/3;
|
add_header Alternate-Protocol 443:npn-spdy/3;
|
||||||
|
|
||||||
# Adjust connection keepalive for SPDY clients:
|
# Adjust connection keepalive for SPDY clients:
|
||||||
|
|
|
@ -3,7 +3,7 @@ ssl_stapling on;
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
#trusted cert must be made up of your intermediate certificate followed by root certificate
|
#trusted cert must be made up of your intermediate certificate followed by root certificate
|
||||||
#ssl_trusted_certificate /path/to/ca.crt;
|
#ssl_trusted_certificate /path/to/ca.crt;
|
||||||
|
|
||||||
resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
|
resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
|
||||||
resolver_timeout 2s;
|
resolver_timeout 2s;
|
||||||
|
|
|
@ -6,5 +6,5 @@
|
||||||
# This is not included by default, because it'd be better if you use the build
|
# This is not included by default, because it'd be better if you use the build
|
||||||
# script to manage the file names.
|
# script to manage the file names.
|
||||||
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
|
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
|
||||||
try_files $uri $1.$2;
|
try_files $uri $1.$2;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
# Cross domain webfont access
|
# Cross domain webfont access
|
||||||
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
|
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
|
||||||
include h5bp/directive-only/cross-domain-insecure.conf;
|
include h5bp/directive-only/cross-domain-insecure.conf;
|
||||||
|
|
||||||
# Also, set cache rules for webfonts.
|
# Also, set cache rules for webfonts.
|
||||||
#
|
#
|
||||||
# See http://wiki.nginx.org/HttpCoreModule#location
|
# See http://wiki.nginx.org/HttpCoreModule#location
|
||||||
# And https://github.com/h5bp/server-configs/issues/85
|
# And https://github.com/h5bp/server-configs/issues/85
|
||||||
# And https://github.com/h5bp/server-configs/issues/86
|
# And https://github.com/h5bp/server-configs/issues/86
|
||||||
expires 1M;
|
expires 1M;
|
||||||
access_log off;
|
access_log off;
|
||||||
add_header Cache-Control "public";
|
add_header Cache-Control "public";
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,10 +4,10 @@
|
||||||
# https://www.mnot.net/blog/2010/04/07/well-known
|
# https://www.mnot.net/blog/2010/04/07/well-known
|
||||||
# https://tools.ietf.org/html/rfc5785
|
# https://tools.ietf.org/html/rfc5785
|
||||||
location ~* /\.(?!well-known\/) {
|
location ~* /\.(?!well-known\/) {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prevent clients from accessing to backup/config/source files
|
# Prevent clients from accessing to backup/config/source files
|
||||||
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
|
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
|
@ -57,7 +57,7 @@ http {
|
||||||
|
|
||||||
# Speed up file transfers by using sendfile() to copy directly
|
# Speed up file transfers by using sendfile() to copy directly
|
||||||
# between descriptors rather than using read()/write().
|
# between descriptors rather than using read()/write().
|
||||||
# For performance reasons, on FreeBSD systems w/ ZFS
|
# For performance reasons, on FreeBSD systems w/ ZFS
|
||||||
# this option should be disabled as ZFS's ARC caches
|
# this option should be disabled as ZFS's ARC caches
|
||||||
# frequently used files in RAM by default.
|
# frequently used files in RAM by default.
|
||||||
sendfile on;
|
sendfile on;
|
||||||
|
|